Deploy Azure Kubernetes Service(AKS) Cluster using Terraform and Azure DevOps YAML Pipeline

Video Statistics and Information

Video

Captions Word Cloud

Reddit Comments

Captions

hello my name is shalanda chaudhary and in this video i'll show how to deploy azure kubernetes service cluster using terraform and azure devops pipeline so let's start this slide shows all the resources which will be created in this video on the left side of the screen are the prerequisite resources which have to be created before deploying the cluster so the first resource which will be created is service principle azure kubernetes cluster requires service principle to access different resources as well as interact with them like container service and virtual network and then we have to manually create the azure key vault where we'll create the different secrets like ssh public key which will be used by aks cluster nodes to connect to each other passwordless and the spn client id and the secret will be stored in the azure keyword so when will deploy the cluster these values will be fetched directly from the azure key vault and these sensitive information will not be passed as a plain text right side of the screen shows the resources which will be deployed using terraform and azure devops pipeline first we'll create the vnet and the subnet and then the aks cluster and the node pool within that subnet so let's start with the prerequisite resources first i have created a github repo for this video this is aks terraform is the name of the repository and there is one powershell script which i have created for the prerequisite steps let me show you these are some of the parameters which have to be provided to run this powershell script first it will create a key vault service and once it's created it will generate ssh key once a session key is generated that ssh key will be stored into the keyword secret and the service principle client id and the secret will also be stored in the key vault service and finally the service principle will be provided access to the key vault secret using the access policy so let's start deploying i have opened the powershell in the cloud shell because we will be using the powershell script so let's open the editor and copy paste from the github i'll copy the value of these parameters from a text file which i've saved somewhere else so as you can see the keyword name which is aks demo cluster key vault location is australia east key vault rg is aks demo rg same vs hkey secret how it should be named and the spn client id and all these details are provided only one of the value is missing which is sbn client secret which we have to create now let's go to azure active directory app registrations applications this is the service principle for our devops pipeline let's click on this certificates in secret and we'll create a new client secret aks demo we'll provide in the description and we'll copy the value and provide it into our script this is highly sensitive information because using the client secret anyone can log into the azure however in this case i'll delete the secret before uploading the video be very careful while using these client secrets i'll save this aks.ps1 let me increase the size of this aks dot ps1 so resource group is created now now the keyword is also so for the ssh we will not provide any passphrase so secrets are getting created and the script completed successfully so let's check we'll go to the key vault we can see the three secrets one is aks ssh public key spn id and the sbn secret and if we'll go to the access policies you can see my user is provided access along with the spn so that's good now these were the prerequisite steps for creating the aks cluster now i'll show you the terraform templates which i have created for the cluster if i'll go to main.tf you can see in the data it's pulling the value from the azure key vault and it's pulling the secrets for the ssh public key spn id spin secret and then it's creating the virtual network and the subnet it's creating the resource group for the aks and finally creating the aks cluster with the default node pool and here you can see the client id and secret for the service principle are provided to the aks cluster if we'll check in the variables all these values are set as variables which is provided in the form of auto.tf was so these are the values vnet name will be aks vnet ssh key which is created and saved in the key vault and these are the cider ranges and the resource group for the key vault keyword name region and the cluster name and finally the agent pool will be the pool one within two nodes and this will be the skew size and the disk size so now i'll deploy these terraform templates using the azure pipeline so i'll log into my azure devops i'll go to the same project which i have been creating videos on youtube app service go to the pipeline create a new pipeline go to github and aks data form is the repo i'll create a startup pipeline and let's create the steps show assistant terraform as you can see the terraform cli but before this i want to show how this terraform cli is coming so if we'll go to the manage extensions i have added an extension as your pipeline terraform task so you can go to the marketplace and look for this extension there you can find it and you can get it free and install it on the devops project however in my case i've already done it so i don't need to do it let's go to the pipeline again i'll click on terraform cli so there are multiple steps which we have to perform to run the terraform first we have to initialize then we have to plan and then apply so if we'll start with initialize current working directory the backend is local i'm not storing the terraform backend into azure storage so i'll just keep it local and add then i'll add another task i'll provide the display name display name as teraform it's a good idea to provide the display name because whenever you run the pipeline otherwise terraform cli will show in the steps now it'll show the terraform in its step is performing right now let's add another task for the plan terraform cli and plan i don't want to send any telemetry because this is the third party extension so it runs for azure aws and google but here we are running on the azure so i'll select the azure service connection and add i'll add the display name here also terraform plan and one more thing i don't want to trigger this pipeline whenever i make a change so i'll make it none first i want to see whether the plan is working fine if everything goes well then i'll add that apply step so let's save it and run so it's waiting for the agent to run so it has started now it's downloading the file terraform has initialized and terraform plan is running now as you can see the plus is the create an aks cluster will be created with the resource group subnet and the virtual network so this is good so let's add the last step which is apply go to edit pipeline and let's search for terraform cli and apply step in the provider i have to provide the service connection and add and i'll add the display name terraform apply save and run now it will repeat all the steps it will initialize then then it will plan and then finally it will apply and now the apply step is running as you can see first resource group is created then virtual network then subnet and then cluster it's getting created right now it took around four minutes and now aks cluster is deployed so let's check this in portal as you can see our cluster is running 1.21.7 this is the version which we provided this is default version right now node pools there is one pool should be there pool one and there are two nodes created in it so that's good let's try to log into this cluster i'll change it from powershell to bash because we have to run the accli command to get the credentials of the kubernetes cluster cubectl is the command line tool which is used for the management of the cluster and cubectl requires cube config so we'll run the az so we'll run the azcli command i'll copy the resource group name and the name of the cluster which is aks demo cluster now the context is saved and a cube config is also saved so let's check cube ctl get nodes and perfect you can see there are two different nodes in the cluster so in this video we have deployed the aks cluster using terraform and the azure devops pipeline however there were some prerequisite steps which we have performed using the powershell the details of the terraform template and the powershell script will be provided in the description i hope you like this video please like and subscribe thank you

Info

Channel: Shailender Choudhary

Views: 13,694

Rating: undefined out of 5

Keywords: azure, aks, kubernetes, terraform, yaml, pipeline, release, devops, security, devsecops, cloud, cicd

Id: o_sQvOHWIcU

Channel Id: undefined

Length: 13min 48sec (828 seconds)

Published: Mon Feb 07 2022